Search Results (2568 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-7870 1 Ibm 1 I 2026-06-16 8.8 High
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2026-24051 1 Opentelemetry 1 Opentelemetry 2026-06-15 7 High
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application. A fix was released with v1.40.0.
CVE-2026-11879 1 Mobatek 2 Mobaxterm Personal Edition, Mobaxterm Personal Edition Portable 2026-06-12 N/A
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.
CVE-2026-11967 1 Mobatek 2 Mobaxterm Personal Edition, Mobaxterm Personal Edition Portable 2026-06-12 N/A
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.
CVE-2026-11986 1 Redhat 4 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform Expansion Pack and 1 more 2026-06-12 4.9 Medium
A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrator with limited permissions to remove highly privileged roles from other users or groups, potentially disrupting administrative access control.
CVE-2026-48565 1 Microsoft 1 Windows Narrator Braille 2026-06-12 7.8 High
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-53813 1 Openclaw 1 Openclaw 2026-06-12 7.8 High
OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing malicious code or accessing sensitive data.
CVE-2026-53819 1 Openclaw 1 Openclaw 2026-06-12 8.8 High
OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.
CVE-2026-10847 1 Checkpoint 1 Identity Agent 2026-06-11 7.8 High
A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.
CVE-2026-0268 1 Palo Alto Networks 1 Prisma Access Agent 2026-06-11 N/A
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
CVE-2026-47648 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-10 7 High
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-8637 1 Lenovo 1 Lanschool Classic 2026-06-10 7.8 High
A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.
CVE-2026-24064 1 Waves Audio 1 Waves Central 2026-06-10 7.8 High
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.
CVE-2024-43616 1 Microsoft 6 365 Apps, Office, Office 2019 and 3 more 2026-06-09 7.8 High
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-43576 1 Microsoft 3 365 Apps, Office 2024, Office Long Term Servicing Channel 2026-06-09 7.8 High
Microsoft Office Remote Code Execution Vulnerability
CVE-2026-11400 1 Aws 1 Aws Advanced Jdbc Wrapper 2026-06-09 8 High
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper. To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1.
CVE-2026-36574 1 Wassimulator 1 Cactusviewer 2026-06-08 7.8 High
A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.
CVE-2026-11401 1 Aws 1 Aws Advanced Go Wrapper 2026-06-08 8 High
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26
CVE-2026-28704 2 Japan Computer Emergency Response Team Coordination Center (jpcert/cc), Jpcert 2 Emocheck, Emocheck 2026-06-08 N/A
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck.
CVE-2026-41567 1 Moby 1 Moby 2026-06-05 7.2 High
Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container's filesystem rather than the host's due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images